Cisco Adds Vulnerability Identification to Tetration Platform

Cisco today announced the availability of identification of software vulnerabilities and exposures as part of the security capabilities of its Tetration platform.

Designed to offer workload protection for multi-cloud data centers through a zero-trust model that employs segmentation, the platform can now also detect vulnerabilities associated with software installed on servers.

With support for both on-premises and public cloud workloads, Tetration can now help identify security incidents faster, as well as contain lateral movement, in addition to reducing attack surface, Cisco says.

“Tetration is equipped to identify high severity security events such as Spectre and Meltdown using behavior-based anomalies,” Cisco notes.

The platform maintains an inventory of the software packages installed on the server, along with information on version and publisher. Leveraging the Common Vulnerabilities and Exposure (CVE) database, Tetration can detect packages with known CVEs.

The platform also offers a scorecard ranking the severity of specific vulnerabilities and reveals which servers might be affected, thus helping IT organizations proactively set up filters to find additional vulnerabilities.

Now, Tetration can also collect and maintain information about running processes on each server, on a real-time basis, Cisco announced. This should help IT managers find servers on which specific processes are running or have run. The collected information includes ID, parameters, duration, hash (signature), and the user running the process.

The identification of application behavior deviations from the baseline is also available on the platform, through the monitoring of workloads and networks for behavior that might be suspicious. Tetration first creates an application behavior baseline and then keeps an eye out for any deviations to identify attacks.

“For example, a process might seek to obtain privileged access that it should not have under normal behavior and use that privilege to execute a series of operations. Tetration can provide a time-series view of history to visualize process hierarchy and behavior information,” Cisco says.

The platform can search for specific process events and discover details such as privilege escalation, shell code execution, and side channel attacks.

According to Cisco, process behavior monitoring and identification of vulnerabilities allow Tetration to identify anomalies in minutes and reduce the attack surface up to 85%, while efficient application segmentation minimizes lateral movement. Furthermore, automation allows for a 70% reduction in human intervention to enable a zero-trust model.

“Tetration is powered by big data technologies to support the scale requirements of data centers. It can process comprehensive telemetry information received from servers in real-time (up to 25,000 servers per cluster). Tetration can enforce consistent policy across thousands of applications and tens of millions of policy rules,” Cisco notes.